Web Fraud 2.0: Distributing Your Malware

The allure of cyber crime lies in its promise of quick riches, much like that of the illegal drug trade. But building a network of hacked personal computers that can distribute your data-stealing malicious software is a time-consuming process that requires a modicum of skill. That is, until recently, when several online services have emerged that promise to help would-be cyber crooks graduate from common street dealers to distributors overnight.

Such is the aim of services like "loads.cc," which for a small fee will take whatever malware you provide and inject it into a pre-selected number of PCs already compromised and under the thumb of the service owners.

Currently, loads.cc claims to have 264,552 hacked systems in more than a dozen countries that it can use as hosts for any malicious software that clients want to install. The latest details from the "statistics" page displayed for members say the service has gained some 1,679 new infectable nodes in the last two hours, and more than 33,000 over the past 24 hours.

So, let's say I'm a wannabe cyber crime guy, and I download or purchase some malware from any number of forums that host these things or configure them to my liking. I then mosey on over to loads, and check out their distribution price lists. For roughly $100, I can have my malware loaded onto 1,000 PCs around the globe, or 10 cents per compromised machine. I merely tell the site the URL where my malware is hosted, pay for the service with Webmoney, and sit back and wait for my soon-to-be-infected machines to start sending me their passwords and other sensitive data.

Interestingly, loads.cc seems to have either angered an established cyber criminal or trodden on space already occupied by another organized crime outfit earlier this year, because the site came under a fairly heavy and sustained distributed denial-of-service (DDoS) attack aimed at knocking the service offline. The site operators responded by creating a new domain for their service with "ddos" in its URL.

Other up-and-coming malware distribution services are trying to gain a foothold in this nascent criminal Web 2.0 industry. Loadsforyou.biz offers slightly more competitive rates, promising to stitch your malware into 10,000 hacked PCs in the U.S. for just $120. And they claim to accept PayPal, which might appeal to newbie cyber thieves who are unfamiliar with the ways of Webmoney and other more Euro-centric virtual currencies.

If a know-nothing cyber crook can pay $120 and infect 10,000 already-hacked PCs in the United States, what does that say about the sheer number of systems under control of the bad guys? To me, it says that compromised machines, or "bots" as they are more commonly known, have become a commodity, or - to cite Wikipedia's definition - "undifferentiated goods characterized by a low profit margin."

I hope this is obvious, but it's probably best to avoid visiting the sites named in this post, as they exist solely to orchestrate the infection of computer systems.

If you'd like to discuss any part of this Web Fraud 2.0 series, or have any other computer-security related question on your mind, join us at 11 a.m. ET today for our Security Fix Live discussion.

That RBN blog is an interesting read. His investigation into the Russian cyber attack differs from that of Shadow Servers, who believe it was more of a privately run operation.

Hard to believe that it was a private organized gang, or random Russian hackers pursuing a similar goal. The level of coordination, and the launch of the cyber attack a day before the alleged "response" to Georgian actions, is troubling.

One question that does remain: if RBN Networks were used in the cyber attacks against Georgia and Estonia, what degree of involvement did the Russian government or the FSB have in the attacks?

What I'd really like to see are statistics on how badly the major OSs are affected, i.e., Windows vs. OSX vs. Linux, adjusted for the installed base sizes, of course.

Having a number of friends now who have been clobbered by someone taking over their machines, some hard numbers relating to the vulnerability of the major OSs would be invaluable. All of the people I know who have had that happen to them run Windows, but that is hardly a valid statistical sampling.

My passwords have been changed twice and my understanding is that the bots got in from Windows and tunnelled their way through Parallels into OSX. The bot or scumbag then expropriated my files and all my mail by setting my security lock to "Open" every time I rebooted.

The real challenge is that there is no one taking this seriously for the single and financially challenged operator who relies on their computer to create a business online. What is happening is a crime, yet there is nowhere to report it as far as I am aware and, even more important, nobody who can fix the infection that AntiSpyware doesn't touch.

"Why haven't the security organizations utilized these malware distribution mechanisms to inject anti-malware or malware-cleanup programs into the networks?"

Oddly enough, that doesn't happen due to legal reasons. While the purveyors of malware don't care about breaking the law, most of the "good guys" that come up with a solution like yours are hesitant to take action, since compromising a PC and installing anti-malware software is illegal as well.

I'd love to clean up 100,000 infected PCs and help reduce the cases of identity theft and spam emails, but I'm not going to open myself to criminal charges and civil litigation to do so.